<?php
require_once('config.inc.php');//$pdo; $uid; ROOT

//测试数据
//file_put_contents('reset.txt', json_encode($_POST));
//die();
//{"username":"huodeming","email":"huodeming1@163.com","toke":"4fad00f348cca4362f8cd8b24ff38309","key":"1598505175","password":"123","password1":"123","code":"rn9h"}
//$_POST = json_decode('{"email":"huodeming1@163.com","toke":"4fad00f348cca4362f8cd8b24ff38309","key":"1598505175","username":"huodeming","password":"123456","password1":"123456","code":"67kd"}',TRUE);

//非法操作
if(empty($_POST['email']) || empty($_POST['code']) || empty($_POST['username']) || empty($_POST['toke']) || empty($_POST['key']) || empty($_POST['password']) || empty($_POST['password1'])){
	$result = ['success'=>0,'msg'=>'0非法操作!'];
	die(json_encode($result));
}
//两次输入的密码不同
if($_POST['password'] != $_POST['password1']){
	$result = ['success'=>0,'msg'=>'1验证码不正确!'];
	die(json_encode($result));
}


//验证码是否正确
if(strtolower($_POST['code']) != strtolower($_SESSION['verify'])){
	$result = ['success'=>0,'msg'=>'2验证码不正确!'];
	die(json_encode($result));
}

//验证别超时
if(time() > $_POST['key'] || $_POST['key'] < time()-60*60*24){
	$result = ['success'=>0,'msg'=>'3此链接不在有效期内!必须是邮发送邮件时起算,并且在24小时内才有效!'];
	die(json_encode($result));
}

//其实可以修改用户名,邮箱,及密码的....但....不建议这么操作

$sql = "SELECT uid,uname,email FROM kp_usr WHERE email=?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$_POST['email']]);
$res = $stmt->fetchAll(PDO::FETCH_ASSOC);
if(count($res) == 1){
	if(md5($res[0]['email']) != $_POST['toke']){
		$result = ['success'=>0,'msg'=>'4非法操作:此用户生成的toke值不正确!!!'];
		die(json_encode($result));
	}
}else{
	$result = ['success'=>0,'msg'=>'5非法操作:不存在你要改密码的用户名!!!'];
	die(json_encode($result));
}

//同时设置用户名与密码的语句。。。。（注意要把用户名input的readonly属性去掉）,也可以加个input框把邮箱也修改掉也行....
//$sql = "UPDATE kp_usr SET uname=?,upwd=? WHERE uid=?";
$sql = "UPDATE kp_usr SET upwd=? WHERE uid=?";
$stmt = $pdo->prepare($sql);
$rows = $stmt->execute([md5($_POST['password']),$res[0]['uid']]);
$result = ['success'=>1,'msg'=>'000修改登陆信息成功!!!'];
echo json_encode($result);





?>